companion-clis

github.com/runpod/skills

Verdict: Proceed with caution

0 critical11 high1 medium

SCORE 55 / 100

$skillox install companion-clisSoon

Why grade C?

score · 55 / 100

The current grade reflects 11 high-severity findings (3+ HIGHs → C).

0 CRIT11 HIGH1 MED0 LOW

To reach a higher grade

B
Reach Btarget score 75
Resolve 9 of 11 HIGH (cap is 2).
A
Reach Atarget score 95
Resolve all 11 HIGH.

Thresholds are documented at /docs/grading. Source-of-truth is the grade() function in @skillox/scanner.

Latest scan findings

Scan crawl-zkp8239mkd2u1lepdufebhsj · Thu, 28 May 2026 17:51:03 GMT · 2ms

high

Dangerous shell pattern: curl | shell

The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.

rule: dangerous-shellline: 34CWE-78

▾

32```bash

33# macOS / Linux (standalone installer — recommended)

34curl -LsSf https://hf.co/cli/install.sh | bash← curl | shell — common in destructive or supply-chain attacks

36# macOS (Homebrew)

high

Dangerous shell pattern: curl | shell

The skill contains a shell command pattern (`curl | shell`) commonly used in destructive or supply-chain attacks.

rule: dangerous-shellline: 226CWE-78

▾

224```bash

225# Linux convenience script (Ubuntu/Debian)

226curl -fsSL https://get.docker.com | sh← curl | shell — common in destructive or supply-chain attacks

227sudo usermod -aG docker $USER # allow non-root usage (re-login after)

228```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 126CWE-552

▾

124```bash

125ssh-keygen -t ed25519 -C "your_email@example.com"

126# Saves to ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public)← sensitive path — credential-exfiltration vector

127# Press Enter to accept the default path; set a passphrase or leave blank

128```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 135CWE-552

▾

133# macOS

134eval "$(ssh-agent -s)"

135ssh-add --apple-use-keychain ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector

136

137# macOS — also add to ~/.ssh/config so the key loads automatically on login.

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 137CWE-552

▾

135ssh-add --apple-use-keychain ~/.ssh/id_ed25519

136

137# macOS — also add to ~/.ssh/config so the key loads automatically on login.← sensitive path — credential-exfiltration vector

138# Create the file if it doesn't exist, and add these lines:

139#

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 143CWE-552

▾

141# AddKeysToAgent yes

142# UseKeychain yes

143# IdentityFile ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector

144

145# Linux

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 147CWE-552

▾

145# Linux

146eval "$(ssh-agent -s)"

147ssh-add ~/.ssh/id_ed25519← sensitive path — credential-exfiltration vector

148

149# Windows (WSL2): use the Linux instructions above

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 166CWE-552

▾

164```bash

165# GitHub — upload via gh CLI (requires auth above to be completed first)

166gh ssh-key add ~/.ssh/id_ed25519.pub --title "my-machine"← sensitive path — credential-exfiltration vector

167

168# HuggingFace — paste contents of public key manually in browser

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.ssh\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 169CWE-552

▾

167

168# HuggingFace — paste contents of public key manually in browser

169cat ~/.ssh/id_ed25519.pub # copy this output← sensitive path — credential-exfiltration vector

170# Then add at https://huggingface.co/settings/keys

171```

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.docker\/config\.json`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 243CWE-552

▾

241```

242

243Credentials are saved to `~/.docker/config.json` after a successful login.← sensitive path — credential-exfiltration vector

244

245### Tagging

high

Sensitive filesystem path referenced

The skill references a path (`~\/\.aws\/`) that contains credentials or system secrets. Reading this from an unsandboxed skill is a credential-exfiltration vector.

rule: filesystem-overreachline: 331CWE-552

▾

329

330```bash

331# Option 1: interactive configure (writes ~/.aws/credentials and ~/.aws/config)← sensitive path — credential-exfiltration vector

332# When prompted: enter user ID as access key, S3 API key as secret.

333# Press Enter to skip region and output format — region is always passed per-command, not stored in config.

med

No capability manifest declared

The skill ships without a `manifest.yaml` or `capabilities` block in its frontmatter. Without a manifest, the runtime cannot enforce what this skill is permitted to do.

rule: no-manifest

▾

View latest scan →

skillox.io/c/companion-clis

Skill facts

Latest grade: C · 55
Total scans: 1
Latest version: —
Last scanned: 2026-05-28
Source: runpod/skills

AIBOM

What this skill accesses

No manifest

Declared (from capabilities)

No capabilities block in frontmatter — the skill doesn't state what it should access.

Observed (from scan findings)

Subprocess invocations

curl -LsSf https://hf.co/cli/install.sh | bash
curl -fsSL https://get.docker.com | sh

Filesystem paths

~/.aws/credentials
~/.docker/config.json`
~/.ssh/config
~/.ssh/id_ed25519
~/.ssh/id_ed25519.pub

AIBOM (Application Skills Bill of Materials) — see /docs/concepts/aibom for the format.

Version history

Only this scan

No other scans on record for this skill name. New scans appear here as the catalog re-crawls or creators request a re-scan.

Embed badge

Show this grade in your README.

Tracks the latest grade automatically. Updates within five minutes of every re-scan.

Markdown

[![SkillOx grade](https://api.skillox.io/badge/companion-clis.svg)](https://skillox.io/c/companion-clis)

Markdown · score

[![SkillOx score](https://api.skillox.io/badge/score/companion-clis.svg)](https://skillox.io/c/companion-clis)

HTML

<a href="https://skillox.io/c/companion-clis"><img src="https://api.skillox.io/badge/companion-clis.svg" alt="SkillOx grade"/></a>

reST

.. image:: https://api.skillox.io/badge/companion-clis.svg
   :target: https://skillox.io/c/companion-clis
   :alt: SkillOx grade

Coming soon

Creator verification badge, expert-review status, and Cosign-signed release attestation appear here as those layers ship. AIBOM + version history are live; the others follow once the creator portal completes its identity-proof + signing surface.